Creating of a safe, secure and prosperous cyberspace through internationally leading research and educational programmes

With experts working in over 20 units across the University, the network is able to address the difficult questions that cross the borders of traditional academic disciplines: what does ‘good’ cybersecurity look like, and how does that change in different contexts? How can technology interact gracefully with messy human realities?

Verification and assurance: Two disciplines that help establish how much confidence you can have in a system. Assurance focuses on managing risks related to the use, processing, storage, and transmission of information, whereas Formal Verification seeks to build a mathematical model of a digital system and then try to prove whether it is ‘correct’ (this often helps spot subtle flaws). The Automated Verification group at the University of Oxford is one of the largest and most respected in the world. See for example the Scyther tool, the Tamarin prover, and work in Concurrency and Mobile security technology.

Operational risk and analytics: understanding the risk and harm resulting from cyberattack, and how it propagates across and between organisations. Work focuses on creating situational awareness; metrics and models for security postures; and analytics for predicting risk, prioritising responses and supporting security operations. See for example the Corporate Insider Threat Detection project, the METAVIS project, the Richer Picture project, and work on Corporate supply chain risk.